CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1529 – Cross-site Scripting in CMS Made Simple
https://notcve.org/view.php?id=CVE-2024-1529
12 Mar 2024 — Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially take over their browser session. Vulnerabilidad en CMS Made Simple 2.2.14, que no codifica suficientemente la entrada controlada por el usuario, lo que resulta en una vul... • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cms-made-simple • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1528 – Cross-site Scripting in CMS Made Simple
https://notcve.org/view.php?id=CVE-2024-1528
12 Mar 2024 — CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session. CMS Made Simple versión 2.2.14 no codifica suficientemente la entrada controlada por el usuario, lo que genera una vulnerabilidad de Cross Site Scr... • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cms-made-simple • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1527 – Unrestricted Upload of File with Dangerous Type in CMS Made Simple
https://notcve.org/view.php?id=CVE-2024-1527
12 Mar 2024 — Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell. Vulnerabilidad de carga de archivos sin restricciones en CMS Made Simple, que afecta a la versión 2.2.14. Esta vulnerabilidad permite a un usuario autenticado eludir las medidas de seguridad de la funcionalidad de carga y potencialmente crear una ejec... • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cms-made-simple • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 7%CPEs: 1EXPL: 2CVE-2008-2267 – CMS Made Simple 1.2.4 Module FileManager - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2008-2267
16 May 2008 — Incomplete blacklist vulnerability in javaUpload.php in Postlet in the FileManager module in CMS Made Simple 1.2.4 and earlier allows remote attackers to execute arbitrary code by uploading a file with a name ending in (1) .jsp, (2) .php3, (3) .cgi, (4) .dhtml, (5) .phtml, (6) .php5, or (7) .jar, then accessing it via a direct request to the file in modules/FileManager/postlet/. Vulnerabilidad de lista negra incompleta en javaUpload.php de Postlet en el módulo FileManager de CMS Made Simple 1.2.4 y versione... • https://www.exploit-db.com/exploits/5600 • CWE-20: Improper Input Validation •